Converts all special characters to their HTML-entity equivalents via htmlspecialchars()

When combined, these two functions eliminate any chance of a successful XSS attack. All tags are removed and all quotes and other special characters are encoded. So yeah, XSS is not gonna happen when using the sanitize_xss() function provided above.
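The two steps described above, sketched as an added example (this is not the article's own sanitize_xss(), and the real function may differ in flags or order). `sanitize_xss_sketch()` and `safe_href()` are hypothetical names and the sample inputs are constructed; the sketch uses the result in HTML text and in a quoted attribute, and adds a scheme allow-list for values placed in a URL attribute, which entity-encoding does not inspect.

```php
<?php
declare(strict_types=1);

// Assumed reconstruction of the two steps described above; the article's own
// sanitize_xss() may differ in flags or order.
function sanitize_xss_sketch(string $value): string
{
    $stripped = strip_tags($value);                 // step 1: remove all tags
    // step 2: encode & < > " ' ; ENT_SUBSTITUTE swaps invalid UTF-8 for U+FFFD
    // instead of returning an empty string.
    return htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: entity-encoding does not look at a URL's scheme, so a
// value destined for href/src is checked against an allow-list first.
function safe_href(string $url): string
{
    $url    = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';                                 // reject everything else
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from the article).
$comment = 'Nice post <b>really</b> "quoted" & it\'s great';
$name    = 'x" onmouseover="doSomething()';
$links   = ['https://example.com/?a=1&b=2', 'javascript:void(0)'];

// HTML text context.
echo '<p>', sanitize_xss_sketch($comment), "</p>\n";

// Quoted attribute context: the value must stay inside the quotes.
echo '<input type="text" value="', sanitize_xss_sketch($name), "\">\n";

// URL attribute context: scheme check plus encoding.
foreach ($links as $link) {
    echo '<a href="', safe_href($link), "\">link</a>\n";
}
```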

Example

For those who may be new to PHP, here is an example of how this function would be used. Let’s say that you have a variable named $user_input that you want to sanitize before echoing to the browser. All you need to do is: